AWS ALB Host Header Rules: Strengthening Traffic Control
Cloud DevOps Engineer with hands-on experience in AWS and on-premise data centers. Continuously learning and growing my skills in cloud automation.
In modern cloud architectures, controlling incoming traffic at the application layer is critical. Amazon Web Services Application Load Balancer (ALB) enables fine-grained routing using listener rules, including filtering based on host headers.
What is a Host Header Rule?
A Host header rule ensures that only requests matching specific domain names (e.g., demo.cloud.com) are allowed and routed to your backend.
This helps:
Route traffic to the correct service
Restrict access to only valid domains
How to Configure (as shown in screenshot)
Go to EC2 → Load Balancers → Listeners
Select your HTTPS:443 listener
Click Add rule
Under Conditions → Add condition → Host header
Enter your domain:
Exact:
demo.example.comWildcard:
*.example.com
Set action → Forward to target group
Assign priority (lower number = higher priority)
Important Behavior
Rules are evaluated top-down (by priority)
If no rule matches → Default action is triggered (commonly 403)
Why It Matters
Prevents unwanted traffic hitting your backend
Reduces exposure via ALB DNS
Helps mitigate Host Header Injection risks
Key Takeaway
Use Host Header rules to allow only trusted domains and enforce a default deny (403) for everything else.
